A widely used hotspot finder app has been found to have exposed the Wi-Fi passwords of more than two million networks.
A Wi-Fi searching app:
The app, which has been downloaded by thousands of users, lets people search for Wi-Fi networks in the area where they are currently located. It is just like Tinder, except that it lets you search for a Wi-Fi match rather than a potential dating match.
How did the app screw up?
Similar to how Truecaller works, the app would let people upload Wi-Fi network passwords from their devices to the app’s database for other users’ convenience.
This led to a database of more than two million passwords being exposed, enabling just about anyone to access and download its contents.
The leaked records contained the Wi-Fi network name, the exact location of the network, and the network password, stored unencrypted in plain text.
This is a serious privacy invasion since the app didn’t require the permission of network owners, making the networks vulnerable to unauthorized access.
What could be the repercussions of such a breach?
An attacker who gains access to a network through the breach could easily modify the router settings, changing the DNS server to direct unsuspecting users to malicious websites.
This could enable the hacker to access unencrypted traffic passing through the network and even steal passwords.
Experts who came across the database tried to inform the developer but were unable to do so. Fortunately, the service hosting the app’s server took it down immediately, and the app has also been removed from the Google store.
How can you avoid being affected by such a breach in the future?
DO NOT download and use untrusted, unverified apps for any reason, especially those with extremely narrow use cases. A VPN can also come in handy for ensuring the safe transmission of data when you are on public Wi-Fi.
Thus, even if something bad happens and your Wi-Fi gets compromised, the hackers won’t be able to read the data you transmit.